The Google Cloud Storage service uses the concept of a
bucket as a container for all
the data. Buckets are usually created using the
Google Cloud Platform Console. The plugin
does not automatically create buckets.

The plugin must authenticate the requests it makes to the Google Cloud Storage
service. It is common for Google client libraries to employ a strategy named application default credentials.
However, that strategy is not supported for use with Elasticsearch. The
plugin operates under the Elasticsearch process, which runs with the security
manager enabled. The security manager obstructs the "automatic" credential discovery.
Therefore, you must configure service account
credentials even if you are using an environment that does not normally require
this configuration (such as Compute Engine, Kubernetes Engine or App Engine).

To provide this file to the plugin, it must be stored in the Elasticsearch keystore. You must
add a file setting with the name gcs.client.NAME.credentials_file using the add-file subcommand.
NAME is the name of the client configuration for the repository. The implicit client
name is default, but a different client name can be specified in the
repository settings with the client key.

Passing the file path via the GOOGLE_APPLICATION_CREDENTIALS environment
variable is not supported.

For example, if you added a gcs.client.my_alternate_client.credentials_file
setting in the keystore, you can configure a repository to use those credentials
like this: